On 8/3/05, Eric Anholt <[EMAIL PROTECTED]> wrote: > On Wed, 2005-08-03 at 14:39 -0400, Jon Smirl wrote: > > > ioctls where removing the root check introduces privelege escalation for > > > users with read access to the DRM device (at least): > > > - DRM_R128_INDIRECT > > > - DRM_RADEON_INDIRECT > > > > How do we secure these? > > By requiring root. But I didn't review all the ioctls, so these might > not be all of the root-requiring ioctls that continue to need it.
I thought we built a command verifier to check things like this. Does DRM need to copy, verify, then execute? > > -- > Eric Anholt [EMAIL PROTECTED] > http://people.freebsd.org/~anholt/ [EMAIL PROTECTED] > -- Jon Smirl [EMAIL PROTECTED] ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf -- _______________________________________________ Dri-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dri-devel
